1. What are the E-payment User Protection Guidelines?

The E-Payment User Protection Guidelines ("Guidelines") are issued by the Monetary Authority of Singapore (“MAS”) and aims to protect individuals and sole proprietors from losses arising from unauthorised or erroneous e-payment transactions from their protected accounts, especially in cases involving high-risk activities.

For more information on the Guidelines, including protected accounts, duties as an account holder, and unauthorised transactions, please read more here.

2. What is a "protected account"?

Protected account is any payment account that:

• is held in the name of one or more persons, all of whom are either individuals or sole proprietors;


• is capable of having a balance of more than S$1,000 (or equivalent amount expressed in any other currency) at any one time, or is a credit facility;


• is capable of being used for electronic payment transactions; and


• where issued by a relevant payment service provider is a payment account that stores specified e-money

Some examples would include Mari Savings Account and Mari Business Account (for sole proprietors only).

3. What are “high-risk activities”?

Some examples of “high-risk activities” are :

• adding of payees to your payment profile;


• increasing the transaction limits for outgoing payment transactions from the payment account;  


• disabling transaction notifications that MariBank will send upon completion of a payment transaction; and


• change in the account holder’s contact information including mobile number, email address and mailing address

4. What are my duties as an account holder or account user?

Your responsibilities are set out in the Guidelines and include the following:

• Providing us with complete and accurate contact information;


• Enabling, opting to receive and monitoring all notification alerts on any device used to receive such alerts;


• Protecting your access codes and login credentials to your protected accounts (e.g. PIN, OTP, password, device passcode or other credentials that are used to authenticate your identity) and not share them with third parties, including MariBank staff;


• Securing records of your access codes (if any) and ensuring that they are not easily accessible by third parties;


• Read the content of the messages containing the access codes and verify that the stated recipient or intended activity is accurate before completing the transaction;


• Download the MariBank mobile application from official sources only  such as Apple App Store or Google Play Store;


• Do not root or jailbreak the devices used to access the MariBank mobile application;


• Do not install applications from unauthorised sources on your devices used to access the MariBank mobile application;


• Read and understand the risks and implications of performing any high-risk activities before confirming the performance of such activities;


• Do not click on URL links purportedly sent by MariBank, as they could be part of phishing attempts. The Bank will not send any URL links that require you to provide access codes or to perform any actions;


• Reporting any unauthorised or erroneous activity to us as soon as practicable and in any case, no later than 30 days  after receiving a notification or alert regarding the activity  from us;


• Activate self-service feature provided by us to block further access to the protected account if you have been notified of any unauthorised transaction and have reason(s) to believe that your account has been compromised (“Kill-Switch”);


• Making a police report and providing us with all relevant information to facilitate any investigation.

5. How will I receive transaction alerts from MariBank?

For outgoing transactions, you will receive alerts via MariBank's in-app notifications, push notifications, SMS and/or emails sent to the mobile phone number and/or email address you have registered with us.

For incoming transactions, you will receive alerts via MariBank's in-app notifications, push notifications and/or emails sent to the email address you have registered with us.

You may manage your notification preferences on the MariBank app, under “General Settings” on the "Me" page. Do note that we do not currently allow disabling of push notification alerts for outgoing transactions.

6. What is an “unauthorised transaction” under the Guidelines?

An unauthorised transaction refers to any payment transaction initiated by any person without the actual or imputed knowledge and implied or express consent of a protected account user.

7. How do I report an erroneous or unauthorised transaction?

If you have detected unauthorised transactions in your account, please contact our 24/7 Customer Service team immediately at +65 6995 8688.

You may also activate the “Kill-Switch” on the MariBank mobile app, under “Help Centre” on the “More Services” or “Can’t find what you are looking for” page.

8. I have made an unauthorised transaction report, what happens next?

You will receive an acknowledgment of your report via email.

To facilitate our investigation process, please provide us with all requested information on a timely basis. Please also lodge a police report if there has been any unauthorised transaction(s). Please note that MariBank will not ask you for sensitive data such as your PIN number.

We will complete our investigations within 21 business days or 45 business days for complex cases. We seek your understanding and assistance in this regard.

9. What is the liability framework for unauthorised transactions under the Guidelines?

Please note that the liability framework for losses arising from unauthorised transactions below do not apply to any credit card, charge card or debit card issued by MariBank.

Scenario 1: Account holder is liable for loss

The account holder is liable for actual loss arising from an unauthorised transaction if the account user’s recklessness was the primary cause of the loss. This would apply, for example, where the account holder deliberately fails to comply with his / her duties under the Guidelines.

The account holder’s liability for any actual loss arising from the unauthorised transaction is capped at the applicable transaction limit or daily payment limit on the protected account.

Scenario 2: Account holder is not liable for loss

The account holder is not liable for any loss arising from an unauthorised transaction if the loss arises from any action or omission by MariBank and does not arise from any failure by the account user to comply with any duty under the Guidelines.

Examples of such actions or omissions by MariBank include fraud, negligence on our part in providing services through the protected account, or failure to comply with our obligations under the Guidelines.

Scenario 3: Loss arising from any action or omission by any independent third party

The account holder is not liable for the first $1,000 of any loss arising from an unauthorised transaction if the loss:

• arises from any action or omission by any third party not referred to in Scenario (2); and


• does not arise from any failure by any account holder to comply with any duties under the Guidelines.

Last updated: 16 December 2024